Tuning cPanel TLS for SMTP incoming email reception

Newer versions of the WHM/cPanel software often have default SSL/TLS settings in their Exim-based mail server that reject connections from some Internet hosts on the standard SMTP port (port 25) with an error like:

TLS error on connection from … (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

If this is happening, you can “dial down” the default SSL/TLS settings of cPanel’s Exim mail server: log in to your WHM site as its ‘root’ user, go to the WHM -> Service configuration -> Exim Configuration Manager page, and type “ssl” in the Find: field.
You’ll then see some items in the Security section of this configuration and you should set the following:

Allow weak SSL/TLS ciphers = On

Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server = Off

Options for OpenSSL = +no_sslv2 +no_sslv3

And then Save those updates.

This returns cPanel’s Exim mail server to older settings more compatible with much of the Internet’s email traffic.

FYI,
Richard.
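
Before changing these settings it helps to know which senders are failing the handshake and why. The following is an added example, not part of the original post: it tallies Exim's "TLS error on connection from" log lines by failure reason and client IP. The sample log lines are constructed, and the log layout beyond the error text quoted above is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Exim main-log style (documentation hosts and IPs).
SAMPLE_LOG = """\
2015-03-10 09:12:01 TLS error on connection from mail.example.net [192.0.2.10] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2015-03-10 09:12:07 1YVabc-0001Xy-2B <= alice@example.org H=mx.example.org [198.51.100.7] P=esmtps S=2048
2015-03-10 09:14:33 TLS error on connection from mail.example.net [192.0.2.10] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2015-03-10 09:20:45 TLS error on connection from (relay) [203.0.113.5] (SSL_accept): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
2015-03-10 09:21:00 TLS error on connection from [203.0.113.99] (SSL_accept): timed out
"""

# Optional host/HELO text, then the bracketed client IP, the failing TLS call
# in parentheses, and the error detail up to end of line.
TLS_ERR = re.compile(
    r"TLS error on connection from (?P<peer>.*?)\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)?"
    r" \((?P<call>\w+)\): (?P<detail>.*)$"
)


def summarize(log_text):
    """Return {reason: Counter({client_ip: failures})} for TLS handshake errors."""
    by_reason = defaultdict(Counter)
    for line in log_text.splitlines():
        m = TLS_ERR.search(line)
        if not m:
            continue  # deliveries and other log entries are ignored
        # OpenSSL errors read "error:<code>:<lib>:<func>:<reason>"; keep the reason.
        reason = m.group("detail").rsplit(":", 1)[-1].strip()
        by_reason[reason][m.group("ip")] += 1
    return by_reason


def report(by_reason):
    """Format the tally, most frequent client first within each reason."""
    rows = []
    for reason, ips in sorted(by_reason.items()):
        rows.append(f"{reason}: {sum(ips.values())} failure(s) from {len(ips)} host(s)")
        rows.extend(f"    {ip}  x{n}" for ip, n in ips.most_common())
    return "\n".join(rows)


if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```

Run it against the server's Exim main log instead of SAMPLE_LOG, once before and once after saving the new settings, to confirm the failure counts for the affected senders drop.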
